Okta Production Release 2016.49 began deployment on December 12. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2016.02 was pushed the second week of 2016. The week numbers follow the ISO Week Date convention.

Special Announcements

Apple iOS 10 Upgrade Impact on Okta Mobility Management Password Sync

Users who have upgraded to iOS 10 should note the following: If you’re using Okta Mobility Management (OMM) to configure Exchange ActiveSync (EAS) profiles, a known issue has been introduced that affects OMM’s ability to perform Password Sync for EAS profile updates on iOS devices.For details and workarounds, see Known Issue: iOS10 upgrade impacts Okta Mobility Management (OMM) Password Sync.

Okta Mobile Connect

The latest updates to Box (v 3.8.9) and Workday (v 2016.41.156.401708)mobile apps have allowed for compatibility with Okta Mobile Connect (OMC), an Okta flow that enables SSO for native mobile apps. As a result, Okta has re-enabled OMC, for Box and Workday only. Other apps previously using OMC will remain disabled until vendors fix the existing issues related to Apple iOS 10 compatibility. For details and a workaround for end users who do not upgrade to the latest versions, see Known Issue: Apple iOS update causes failure in Okta Mobile Connect.

What's New

Unless otherwise noted, these features are available for all organizations with release 2016.49.

You can permanently delete a deactivated user with the Delete button that appears in the directory screen for that user, as shown below. You cannot undo this deletion. After deletion you can reuse the username and other identifiers; however, log entries are retained. For more information, see Deactivating and Deleting People. This is an Early Access (EA) feature; contact OktaSupport to enable it.

We have added two new MFA options for Okta end-users:

Windows Edge users can seamlessly authenticate through Windows Hello.

Okta has also added U2F security key (FIDO 1.0) support, allowing for the use of third-party security keys on Chrome and Firefox.

For more information, see Multifactor Authentication under Factor Types. These areEA features; contact OktaSupport to enable them.

Okta's Instance-level Delegated Authentication (Del Auth) feature is now GA. This feature moves Del Auth enablement from the org-level to the instance-level. While preserving current Del Auth functionality, instance-level Del Auth is optimized for use in environments with multiple AD instances. It allows admins to delegate authentication on a per AD-instance level to support more granular authentication scenarios. For more information, see Delegated Authentication.

App Names are now logged to our new System Log (EA) for the following specific events:

Profile push event (user already found in app).

Import event (user already found in Okta but could not reactivate).

Okta has added a simple passcode option when adding a device policy for Okta Mobility Management (OMM). When admins allow simple passcodes on iOS and OS X devices, end-users can use repeated or increasing/decreasing characters, such as 123 or CBA, when creating passcodes. For more information, see Security Policies under Mobile Policies.

Toolkit Updates

Okta strongly recommends that customers download and upgrade the latest SAML toolkit and the necessary Jira or Confluence authenticators. You can access all of these tools from the Okta Downloads page (from the Dashboard select Settings > Downloads).

Correction: The 2016.49 Preview release notes published on December 7 initially referenced the wrong version of the Confluence Toolkit. The correct version appears above (v2.0.3).

Browser Update

We have modified the phased GA rollout of the Internet Explorer (IE) browser plugin that we began on November 14, 2016 by promoting plugin version 5.9.2 as the latest GA rollout candidate. Version 5.9.2 fixes an issue that prevented the IE plugin from working with our EMEA production environment and also provides performance and security enhancements. Okta strongly recommends that you install the plugin if prompted to do so. If you have any questions or concerns following the upgrade, contact Okta Support. For plugin version history, see Browser Plugin Version History.

Platform Release Notes

Incremental Features Summary

The following table summarizes features that are enabled incrementally. Links in the Feature column point to additional documentation for that feature, if available. After the feature is fully released, it is no longer tracked in this table. For release history of all features, see Features by Release.

Application Updates

We've enhanced the following application integrations:

Our Universal Directory-enabled provisioning integrations for RingCentral Production and RingCentral User Acceptance Testing (UAT) environments are now GA (Preview orgs only). The RingCentral applications support attribute-level mastering, which allows RingCentral to act as a master for user's direct and extension numbers while other attributes are mastered by a different source, such as Active Directory.

Workplace by Facebook

We have enhanced the Workplace by Facebook provisioning integration to include support for the Location attribute. You can now add the Location field to the AppUser profile through Schema Discovery and map it accordingly.

Workplace by Facebook has updated their API to exclude support for the suppressEmail attribute and the Send Email Claim checkbox under the provisioning tab is now a legacy feature. See the Workplace by Facebook provisioning guide for more details.